On April 3, 2017, a high-risk Linux kernel vulnerability was made public. It allows an attacker to run arbitrary code and obtain the highest level of permissions in the operating system, or to cause a denial of service, and may lead to data leakage. The risk rating is high.

See the following for more information about the vulnerability.

CVE identifier

CVE-2016-10229

Vulnerability name

Linux kernel remote code execution vulnerability

Vulnerability rating

High

Vulnerability description

Linux kernels earlier than 4.5 allow a remote attacker to trigger an unsafe second checksum calculation in the UDP receive path when recv is called with the MSG_PEEK flag. The attacker can then run arbitrary code to take control of the Linux operating system or cause a denial of service.
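
The 4.5 version boundary can be used to triage a host inventory. The script below is an added example, not part of the original advisory. The function names and the sample inventory are constructed for illustration, and it assumes vendor kernels may carry backported fixes, so a REVIEW verdict means the vendor advisory should be checked.

```shell
#!/bin/sh
# Added example: triage `uname -r` strings against the 4.5 boundary in the
# advisory. Assumption: vendor kernels may carry backported fixes, so REVIEW
# means "check the vendor advisory", not "confirmed vulnerable".

# Status: 0 = upstream version earlier than 4.5, 1 = 4.5 or later, 2 = unparsable.
upstream_before_4_5() {
    case $1 in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    kv_major=${1%%.*}             # text before the first dot
    kv_rest=${1#*.}               # text after the first dot
    kv_minor=${kv_rest%%[!0-9]*}  # leading digits of that text
    case $kv_major in *[!0-9]*) return 2 ;; esac
    [ -n "$kv_minor" ] || return 2
    if [ "$kv_major" -lt 4 ] ||
       { [ "$kv_major" -eq 4 ] && [ "$kv_minor" -lt 5 ]; }; then
        return 0
    fi
    return 1
}

# Reads "host release" lines on stdin and prints "host VERDICT release".
triage_inventory() {
    while read -r ti_host ti_release; do
        case $ti_host in ''|'#'*) continue ;; esac
        ti_rc=0
        upstream_before_4_5 "$ti_release" || ti_rc=$?
        case $ti_rc in
            0) echo "$ti_host REVIEW $ti_release" ;;
            1) echo "$ti_host OK $ti_release" ;;
            *) echo "$ti_host UNKNOWN $ti_release" ;;
        esac
    done
}

# Constructed inventory: hostnames and release strings are made up.
sample_inventory() {
    cat <<'EOF'
web01 3.10.0-514.el7.x86_64
db01 4.4.0-62-generic
build01 4.5.0
edge01 4.10.0-19-generic
old01 2.6.32-642.el6.x86_64
odd01 custom-kernel
EOF
}

sample_inventory | triage_inventory
```

To check the local machine, pipe `echo "localhost $(uname -r)"` into `triage_inventory`.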

Condition and method of exploitation

Hackers can exploit this vulnerability to run code remotely.

Affected scope

Red Hat (RHEL 5/6/7)

The Linux kernels affected by this vulnerability include the following (version 4.5 is unaffected):